diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2005-01-19 13:11:48 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2005-01-19 13:11:48 +0000 |
commit | 33b3db42e399e40816dc09c27ca2c1135e03864f (patch) | |
tree | 463a79cae95e31e53edc2fe9950501e9e3032699 /usr.bin/ssh/auth2-chall.c | |
parent | 426022726f7517d9f29850bd17ef2022337c86ab (diff) |
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to handle
them and prevent leaking information where possible. Existing behaviour for
bsdauth is maintained by checking authctxt->valid in the bsdauth driver.
Note that any third-party kbdint drivers will now need to be able to handle
responses for invalid logins. ok markus@
Diffstat (limited to 'usr.bin/ssh/auth2-chall.c')
-rw-r--r-- | usr.bin/ssh/auth2-chall.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index 5901ed81ec9..2dfc139f768 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "ssh2.h" #include "auth.h" @@ -268,12 +268,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - if (authctxt->valid) { - res = kbdintctxt->device->respond(kbdintctxt->ctxt, - nresp, response); - } else { - res = -1; - } + res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { memset(response[i], 'r', strlen(response[i])); @@ -285,7 +280,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) switch (res) { case 0: /* Success! */ - authenticated = 1; + authenticated = authctxt->valid ? 1 : 0; break; case 1: /* Authentication needs further interaction */ |